incoming ftp problem - solved
Whit Blauvelt
whit@transpect.com
Fri, 21 Dec 2001 13:09:10 -0500
Hi,
These rules are now working for me. Am I doing anything more than what's
necessary?
# ACCEPT active FTP data connections
$INPUT -m state --state ESTABLISHED,RELATED -i $EXT_IFACE \
    -p tcp -d $IP --dport ftp-data --sport 1024: \
    -j ACCEPT

# ACCEPT passive FTP data connections
$INPUT -m state --state RELATED -i $EXT_IFACE \
    -p tcp -d $IP --dport 1024: --sport 1024: \
    -j ACCEPT
So far, seems to work well for both active and passive. The "ESTABLISHED" in
the first rule is necessary.
This replaces the ACCEPT active FTP section in Seann Herdejurgen's script
that I posted to the list a week ago.
Whit
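
Added example, not part of the original post: a simplified model of how conntrack labels packets, used to trace which of the two rules above accepts each inbound packet of an FTP data connection on the server. The function names, the sample ports (50000, 50001, 40000) and the assumption that an FTP conntrack helper supplies the RELATED state are this example's own.

```shell
#!/bin/sh
# Simplified model of netfilter conntrack state assignment (an assumption of
# this example): reply-direction packets are ESTABLISHED; original-direction
# packets are ESTABLISHED once a reply was seen, RELATED if a helper expected
# the connection, NEW otherwise.
# ct_state DIR SEEN_REPLY EXPECTED   (DIR: orig|reply, flags: 0|1)
ct_state() {
    dir=$1 seen_reply=$2 expected=$3
    if [ "$dir" = reply ] || [ "$seen_reply" = 1 ]; then echo ESTABLISHED
    elif [ "$expected" = 1 ]; then echo RELATED
    else echo NEW
    fi
}

# Which of the two posted rules accepts an inbound TCP packet.
# match_rule STATE DPORT SPORT -> active | passive | none
match_rule() {
    state=$1 dport=$2 sport=$3
    if [ "$dport" -eq 20 ] && [ "$sport" -ge 1024 ]; then
        case $state in ESTABLISHED|RELATED) echo active; return ;; esac
    fi
    if [ "$dport" -ge 1024 ] && [ "$sport" -ge 1024 ] && [ "$state" = RELATED ]; then
        echo passive; return
    fi
    echo none
}

# Inbound packets seen by the FTP server; ports are constructed sample values.
# HELPER is 1 when the FTP conntrack helper tracks the control connection.
trace() {
    helper=$1
    # Active: server:20 connects out to client:50000, so the inbound SYN-ACK
    # travels in the reply direction.
    echo "active  syn-ack: $(match_rule "$(ct_state reply 0 "$helper")" 20 50000)"
    # Passive: client:50001 connects in to server:40000.
    echo "passive syn:     $(match_rule "$(ct_state orig 0 "$helper")" 40000 50001)"
    # Later client packets, after the server has replied.
    echo "passive data:    $(match_rule "$(ct_state orig 1 "$helper")" 40000 50001)"
}

echo "helper loaded:"; trace 1
echo "helper missing:"; trace 0
```

In this model the passive rule accepts only the opening SYN, and only when the helper has marked the connection as expected; later packets of that transfer are ESTABLISHED and depend on an ESTABLISHED rule elsewhere in the rule set.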